Posted
by
samzenpus
on Monday July 18, 2011 @05:06AM
from the throw-a-dart dept.

daria42 writes "A bunch of researchers have been driving around Sydney, Australia, and scanning for unsecured Wi-Fi networks. You'd think that in this day and age, with all that we've learned about security, that Wi-Fi security would be almost universal ... but the truth is that about 2.6 percent don't even have basic password protection. Extrapolating a little, that adds up to 10,000 unsecured Wi-Fi networks across Sydney alone."

Also, I know TFA mentions "Residential Locations", but I wonder if there were any coffee shops dotted around which offer free wifi. Maybe none, but a short sentence in the article would help me sleep at night:)

With all due respect to Mr Schneier', whom I respect greatly for his knowledge on security, I'd argue he is making a common mistake that could cost him dearly.....he is thinking rationally like a geek and assuming the world will think like him which sadly it rarely if ever does. His biggest risk is if someone uses his connection to look at child porn, or even attempts to look at non existent child pron, since the FBI is known to set up "honey pots" of fake files and then not bother to record the referrer so

What kind of moron will allow unhindered free wifi? It's brain dead easy to set up a filtering proxy. Hell Privoxy and Dans Guardian will do most of it for you easily. Install DDWRT on that linksys and enjoy even basic keyword filtering.

I even block all ports other than 80. you can use my free wifi but based on my rules and restrictions. That's the cool part about being educated on what you are doing.

What kind of moron will allow unhindered free wifi? It's brain dead easy to set up a filtering proxy. Hell Privoxy and Dans Guardian will do most of it for you easily. Install DDWRT on that linksys and enjoy even basic keyword filtering.

I even block all ports other than 80. you can use my free wifi but based on my rules and restrictions. That's the cool part about being educated on what you are doing.

Yeah, it is cool - if you're educated on what you are doing. But for those who are not, why is anyone surprised they are running wide open?

In other news, 100,000 Sydney homes have unlocked water taps (faucets to Yanks) on their unfenced front lawns.Shops and offices have unsecured water outlets openly visible in the car-parks and verges.Anyone passing by could help themselves to free water! Oh the horror.

Look at the guy that wrote the "pro pedo" book. No pics, just his thoughts on a page sent him to jail, aka Thoughtcrime.

The fantasy that secured Wi-Fi spots are somehow "secure" is more dangerous than the possibility that your neighbor is looking a child porn via your access point.

By accepting that all Wi-Fi routers should be secure so nobody can use our access points to look at child porn, we're accepting the responsibility to always be a step ahead of motivated hackers and motivated perverts.

If "His biggest risk is if someone uses his connection to look at child porn", then his (Schneier's) position is entirely correct. What is it about this hysterical obsession with "child porn"? Are they lurking everywhere like the commies? Do we really have to pass laws criminalizing people who have incorrect thoughts? I strongly support criminalizing adults who take advantage of minors but it is always wrong to have thought crimes. Allowing thought crimes as a category allows people who really have evil int

"His biggest risk... the FBI is known to set up "honey pots" of fake files and then not bother to record the referrer so today that URL shortened link could actually get your door kicked in and you arrested if you click on it."

Apparently you don't keep up with the news. More and more, the courts have been ruling that an IP address does not constitute probable cause to search an individual, or in a recent case a particular home. The judge ruled that it only pointed to a neighborhood, no more. He acknowledged that it could have been anybody, including someone simply driving past in their car.

Poliice departments have been chastised over this, and increasingly, not decreasingly, so.

Didn't bother to actually READ my post before responding huh? Kinda missed the relevant part? here I'll highlight it for you " you are looking at as much as a year and a half of backlog sometimes"

Now let me make this perfectly clear: The odds of finding a judge to let you walk out before they have actually scanned your PCs for porn involving children? Oh about ZERO. And even in my little state you are talking a year and a half backlog, in the bigger states you may be looking at 2 to 3 YEARS. Now that is be

His biggest risk is if someone uses his connection to look at child porn, or even attempts to look at non existent child pron, since the FBI is known to set up "honey pots" of fake files and then not bother to record the referrer so today that URL shortened link could actually get your door kicked in and you arrested if you click on it.

Do you realize that by worrying about this, you are worse than the people who are worried about terrorist attacks in the US? That your odds of this happening are so extremely low, that by worrying about it and not worrying about getting killed by people throwing rocks on the freeway, you are being irrational? Because your chance of the latter is more likely.

It is a game of probability, lets say securing your wifi point decreases your odds of someone using your connection and bringing the police to your door by 90% (I'd say it's safe to assume 90% of potential trouble makers don't know how to nor have the time to break WPA). Now lets assume the police that show up have a 50% chance of listening to reason and doing a fair investigation before putting all the flags on your name that can ruin your life forever. Both cases are gambles, there is no 100% chance of ha

Yes but you see they are NOT gonna rule in your favor until they check your machine, after all for all they know you have several Gbs of child pron just sitting there. So you will get your hearing in ohhh...about two years during which you will be in county dealing with the methhead looking for trouble and the wife beater that needs a new punching bag.

Look folks I don't like this anymore than you but the problem is everyone here is making the classic is ought fallacy [wikipedia.org] where everyone is saying "it OUGHT not t

That was my thought at first too. Are some of them businesses? Or are some of them 'open' (in terms of not having a WEP/WPA password) but actually still require further authentication once connected (e.g. a VPN or a gateway which requires a username/password).

However now that I read TFA, I see that the observations were made only in residential areas (i.e. suburban streets). You would not expect to find many businesses in these areas. I'm sure a couple might have been, but not that many. So yeah it'll mostly be clueless people who haven't secured their home WiFi networks, it seems.

10,000 points in a city the size of Sydney is hardly that amazing though...

There's a service called FON [wikipedia.org] which has caught on with BT; Subscribe with FON, run a second open wireless network and share your broadband connection, authenticate to a FON account over VPN and share wireless all over the world where there is a FON wireless network.

More common in residential areas where there are no companies to be tied in with other subscribers.

Sadly my landlord's router has FON and you can't turn it off - you have to ask BT to disable FON from your account.

Obviously* my landlord is computer illiterate and wont know how to even ask, so I'm stuck with this second network running on the same bloody channel and no way to switch it off. Stupid fuckwit BT router and firmware.

* it's obvious, because he actually signed up with BT for Internet access. I mean, of all the idiotic decisions in a man's life..

I'm no security expert, but my understanding is any time one of your accepted devices attempts to connect to your network, it happily sends its MAC address over the air in plaintext and anyone with a free sniffer can grab the legitimate address, spoof it on their device and connect. Good for keeping out casual traffic, but anyone determined to get access won't see this as a barrier, I guess it depends what your aim is though (maybe you're happy to share with people who are techie enough to bypass the MAC au

Your computers will be broadcasting their MAC addresses in all the packets they send, so it takes just one captured packet to obtain a valid MAC address that can be used to connect to your network. That's actually less secure than WEP, which requires thousands of packets to obtain a valid key. Not to mention more effort, since if someone legitimately wants to connect, you have to whitelist their MAC address.

True - but people you you or I, or Slashdotters in general, aren't the norm. For each person who is intentionally running an open access point like yourself, I'd wager there's at least ten who have open access points unintentionally (or simply don't care).

Unlikely in Australia where the vast majority of residential connections have a monthly transfer cap. You can get unlimited plans (in some areas) but they are overkill for most people's requirements, and kinda expensive.

I wish that were the case here in Germany as well. Unfortunately the laws around here say you're responsible for your own unsecured WiFi - if the neighbors download illegal stuff, you're to blame for not securing it.

Hence, nearly everything around here is encrypted... even cafes and other places of business are switching to ticketed systems that allow them to track, pinpoint and restrict user activity. This isn't a problem for most patrons per se, but the prohibitive cost and added complication of such systems (compared to a few WiFi access points) is making a lot of places drop WiFi altogether of start charging for it.

Honestly I don't think this will come as a shock to ANYONE who has a wifi enabled device. There are unsecured access points everywhere in any given metropolitan space. I can get wifi reception in most places of three forks montana, a town with a population of less than 2000!

We'll probably have 10,000 or more when done. The goal is to have a complete coverage network, I'm talking everywhere, no drops. The building I work in has a couple hundred (we actually found a bug in old Intel wireless drivers, they couldn't handle over 99 visible APs). Every one has an unsecured network on it. The reason is we wish to provide visitors and guests with an easy way to get on the Internet. It is limited, web only, speed filters and so on, but it is open. The same APs also have secured networks on them, there is a WPA2-Enterprise network that you can access with your campus login and password that then has no speed or port restrictions, but of course you need a campus login. There is a VoIP network too (the reason for total coverage) but it is just for testing at this point.

It has nothing to do with being unaware of security, everything to do with not being assholes. A PSK security system would be worthless. It would be an unadministratable nightmare to try and change the password often enough and distribute it to do any good. Enterprise security works great for students, employees, and so on but isn't very helpful when you are talking guests, or just the public who wants to use our facilities (and we are a public institution and so have a duty to them). So open is the answer. You get on, it directs you to a "You agree to this shit," page, and away you go.

. Enterprise security works great for students, employees, and so on but isn't very helpful when you are talking guests,

The problem is the WiFi standards are broken/braindead (even after so many years). You can't easily provide secured WiFi channels to guest users.

They could have copied "https" where the clients can be anonymous and still have secured channels. They could have worked with Microsoft, Apple, dlink etc to set up a standard where the WiFi clients will try "WPA2 Enterprise" and log on as "anonymous" with password = "anonymous" (prompting/warning the user before that if the AP's fingerprint is new/different).

Some of those might be intentional: I run an unencrypted wifi AP which is
bandwidth limited and routed through Tor as a public service. It is used regularly.

Also not covered will be those with open APs but additional authentification/encryption
layers, e.g. using a VPN.

Around here (not Australia, admittedly), open wifi is nearly non-existent (and all open
ones I've encountered over the last two years or so seem to fall into the categories above) -
WEP "secured" APs are another story however, there is still a worrying number of those around.
And I'm certain most WEP users are entirely unaware of their de-facto openness.

What is sad is that most of those WEP AP's were done (some likely recently) by supposedly knowledgeable people, such as WorstBuy's IdiotSquad.

As a consultant it's infuriating how often I will come across new clients (even many companies) whose WiFi networks were secured by those morons out of incompetence. I have even seen them install small business servers with direct-to-internet connections and not even a NAT firewall, because "You can't have a VPN server behind a firewall" which we all know is bullsh**.

They are shipping routers that have encryption turned off by default. And the routers have WEP as an option. The manufacturers could ship all their routers with WPA-2 and a randomized password that is shipped separately in the box. But they dont.

It doesn't matter if they are intentional. From local coverage about the "issue" here in Australia I think certain groups are trying to push the idea that having unsecured Wi-Fi is criminal negligence at best.

The articles are amusing in that they make it seem like unsecured Wi-Fi is mostly used for illegal activities and then say that having unsecured Wi-Fi could land you in trouble for what guests do through your link. If the first is true then it can used as a defence in the second instance. Especially as more and more judges are realising that having IP logs doesn't prove much and dismissing such cases.

The recent surge in stories about this "issue" is imo a reaction to such developments.

Sorry, I'm just not seeing how this would be news to anyone technically adept enough to be interested in reading slashdot. Unsecured wifi is a problem in every part of the world, from third world countries just learning to use it to the most advanced countries. Ten thousand is a big number, but it shouldn't come as a surprise to anyone.

So what? If you use an insecure connection you know you are vulnerable to people who like to read your email and see what websites you visit. And the owner of the connection risks getting all kinds of viruses for free, and people downloading pr0n and other stuff via her network. Who else but the two people I mentioned should care?

As an Australian I am quite surprised that the number is so high. Here it has been the norm for ISPs to tiered monthly data plans where you pay for how much you use. From cheap plans for $20/mo for a few GB aimed at old people who only forward on chain emails from 1997 right to 1TB plans for torrenting all that public domain and Creative Commons content. Once it's used up your connection is throttled to an unusable 64kb/s for the remainder of the month (though some ISPs sell data recharge things).

Unlike Americas "unlimited" one-size-fits-all these users are losing what they paid for. Why would people be so stupid as to let their neighbours use up their 25GB on their shitty Telstra plan? Is setting up WPA2 really that difficult? Can these people read an instruction manual?

Over here (UK) you can't even get a modem from an ISP that isn't defaulted to have WPA2 on (if you follow their wizard to set it up - and I have to assume anyone savvy enough to set it up without the wizard probably understands the risks or at least is making a conscious choice to go sans security). I'm more surprised that AUS ISPs don't have the same policy - the cynical side of me wonders if it's linked to the fact that they have data limits and sell extra data bundles, you're less likely to care about b

There was a time when most WiFi hotspots were password-free and we could connect to the internet for free in most urban areas when we were travelling, with latencies and speeds that put 3G to shame.

Now, those times are gone forever. No more free internet for the casual user. No more sharing and love.

People like to talk about security but it's bullshit. We are not the winners in this ordeal. ISPs are. The security issues have an easy technical solution: The same one used by french ISPs to let its customers connect to other customer's WiFi.

They have a password-free Hotspot that sends you to web login and a separated, bandwidth-shaped VLAN for guests so they can't access network shares or do anything else.

The Finnish ISP Saunalahti had a "Wippies" project where you would get a free router and some cloud storage. The catch was that you complied to run a public wifi along your private network from the box.

And in some places, now, it also turns out that you can no longer just leave your keys in your car overnight, knowing that the only people who might drive it off without talking to you would be your neighbors, who you know will return it with more gas in the tank than they found. Not only that, the days of leaving your home unlocked seem to be fading, too. It's almost like there actually are people out there who are untrustworthy, willing to rip things off, and not at all worried about what the consequence

It's more the result of increasingly tyrannical government that prosecutes thought-crimes. Looking at information has victim and therefore no provable perpetrator. Of course for a long time in most places the pre-crime of leaving the keys in your car has been punishable, so maybe it's nothing new.

I had a spare AP, so I decided to leave it open for the public to make use of my internet during the day. The AP is on a manual time switch (you know, the one that plugs into the wall) so it switches the AP on at 8am, switches off at 5. Real technical stuff I know but seriously, what's the deal with all the press surrounding unsecured wifi nextworks? Is it still 2005? Even if people have encryption or mac address filtering, it's not going to make the world of difference? If someone wants something other tha

It isn't about not wanting to be nice, nowadays when police kick the door down first and ask questions later you don't want to be in a position where the local pervert has an easy route to browse his kiddie porn through YOUR network. Even if you can later prove it wasn't you the hassle and trouble involved is just not worth the risk. Even when most use crap security there generally is no point to breaking it as there is nearly always some other moron that leaves theres open. Even from my living room where I

Unfortunately, the pendulum of "justice" is that you're liable for wrongdoing on your connection. So if someone accessed child porn on your unsecured network, you're going to go through a big headache defending yourself.

Which is somewhat karmic given that a lot of geeks defend hacking, that anyone with their door unlocked deserve to be robbed, i.e. the liability for poor or non existent security should be on the owner, not the hacker. Now we're seeing exactly that, the tables have now turned to what geeks

I refuse to live in a world where Americans need "your papers please" or where our police are thugs. I refuse to be bullied by the TSA. It is our choice what world we wish to live in. If you give in, you give up; That way lies fear, depression, and death. I live in the same bright world that Ronald Reagan spoke of, a city on a hill....

So, evidently, Sydney has too many secured wifi points, right? 2.6% unsecured is less than the percentage of people with no financial information or anything interesting enough to steal... grandparents who don't do banking online are buying wireless laptops. Possibly, 2.6% of Sydney wifi administrators are confident of their ability to monitor access to their networks. If the ISPs take over the anti-virus implementation, as they are starting to do in the USA, the only problem would be lost business to

Some (most) websites only use HTTPS for the initial logon, and then they switch to HTTP for the rest of the transactions. This makes it possible, for example, for someone to hijack your Facebook account by stealing the logon cookie. It's mainly an issue with poorly coded sites.

So, out of all the networks they tested, only 9 networks we unsecured? I don't think this small a pool is very significant statistically. There could be a number of reasons for those 9 people to be operating a wifi without a password. It isn't necessarily just being "uninformed"

I choose to leave my wireless open. I view wireless "security" like this: 1) Write a secret message on a plain postcard. 2) Put it in to a safe. 3) Drive the safe to the post office. 4) Take the postcard out of the safe, give the post office people the postcard. 5) Postcard is now sent through the postal service. Now, the postcard transport to the post office IS secure, it's in a safe, nobody can read it, it's all good and super secure. The security breaks somewhat when the postcard is delivered to the post office, just like your "secure" wireless data connection is somewhat broken when it reaches the Internet, but.. people seem to like this kind of security. If you really want security then you need end-to-end encryption like SSL and https. My view is that thinking wireless "security" gives you much real security is just dump. It does prevent people from using your wireless, and that's about it. I don't mind, fetching a web page used close to zero percent of my bandwidth anyway.

I choose to leave my wireless open. I view wireless "security" like this: 1) Write a secret message on a plain postcard. 2) Put it in to a safe. 3) Drive the safe to the post office. 4) Take the postcard out of the safe, give the post office people the postcard.

I got this far before I realised your view of security is horribly broken.

The point of WiFi security is to prevent others from using your wifi when you dont want them to. There are a few reasons for this, 1) control what gets put through your network. 2) prevent others from using your bandwidth, slowing your connection down.3) Prevent others from consuming large chunks of your download cap (very prevalent in Oz).

Now how WPA works is.
1) put your postcard (packet) in a safe (encryption).
2) send that s

Just because they were "open" doesn't mean you could actually do anything with them.

I used to have a wireless network where all the clients were software-firewalled and the only traffic accepted over the wireless interfaces was VPN traffic to a server also on the wireless network (and that interface similarly firewalled). Hell, you didn't even have DHCP service on that interface.

So a million people could "join" my wireless network but:

1) None of them could talk to each other.2) None of them could talk to t

in any big city, try NYC or LA, or Detroit or Chicago, or any of the other big US Cities = full of inept people that bought PCs & laptops all connected via unsecured wifi because it is easier than running Ethernet cable all over the house

On online newspaper has broken the story that the majority of computer terrorism happens because of downloading executables and running them. "This results in the innocent user being asked why they were running TransvestiteIslamicHookers.avi.exe."

An internet security expert from PMITA University in Melbourne, Greg Markovy, said downloading executables could attract attacks on any devices on the same network, leading to the loss of personal da

Here in the US, I run an open access point on a DMZ with some traffic and speed restrictions. I run it for the convenience of my friends and guests. I'm no attorney, but we still prosecute the people who commit crimes, not the owners of the stuff used to commit the crime.

Why is it my responsibility to police the activity of others "trespassing" on my property? If a criminal is running through my back yard is it my responsibility to tackle him or shoot him? If a bad guy steals my car and uses it to rob a

My open AP sits on a segregated subnet. It is also running a captive portal. If you need to get into my private network, you must use a VPN client. If you want to browse freely on the Internet, you must authenticate to the captive portal.

What is one that allows you to segregate the wired from the wireless so they cannot talk to one another. I would like a wireless router that: The wireless can only access the wan. Do any of them do that? Extra points for a router that can only be administered via the wire.

I miss the good ol' days where you could fire up your device in a park or apartment complex or wherever and find an AP to connect to. Not any more.... You see a dozen APs, all locked down. End of an era...

In my area, if you drive around town then a lot of places show up as "Unsecured wireless network" but if you try to access the Internet through it, it redirects all traffic to one particular location that wants you to put in a username/password (which you have to have paid for via some other channel previously).

WPA has no structural flaws. It's as strong as the passcode you use. If I use a random 64 character passcode with a full alphabet (upper and lower case alpha, numerals, special characters) then I would comfortably give you until the heat death of the universe to crack it, that same password. It's not going to happen. You'd be better off kidnapping the owner and beating it out of them, that at least COULD work.

You'd be better off kidnapping the owner and beating it out of them, that at least COULD work.

Or possibly not. I don't know about you, but I don't remember the 64 random characters in my passcode, and no amount of beating is going to make me remember. Of course, if you ask me where I wrote it down, that you could beat out of me, but it's on my desktop computer, and once you have access to that, all bets are off anyway.

Wireless networks are not secure even with WPA/WPA2, unless you feel like changing the password every other day. Even my grandma is sharp enough to follow the instructions on various youtube-clips for cracking WPA/WPA2..

Oh? Beyond brute-forcing with dictionary passwords? Mind providing a link to one of those videos?
I think I would've heard of WPA2 being broken, it being AES-based and all...

But how many of those 2.6% have MAC address filtering? No password, but if you try to connect it won't work. You're not encrypted, so your packets can still be sniffed. But if you just want to stop casual users logging on and stealing your bandwidth it's a perfectly acceptable solution.

I do it easier.. I have a spare 54GL sitting at the peak of my attic without any internet on it broadcasting about 60 AP's that say... Linksys, netgear, dlink, etc all open and unsecured. The cool part is the AP sits on a metal plate SHIELDING it's signal from my home. you cant see the AP's it's broadcasting from inside the house. (Knowing how RF works is a good thing)

It had two effects.

1 - it chased all the neighbors away from the channel I have them all broadcasting on.2 - it forced all the neighbors to actually configure their routers to not have the name "linksys, dlink, netgear....." and they added encryption as they all show locks now.

Works great, and I am sure I give the wardriving kiddies as well as leaches fits when they try to connect to them. the one real AP up there called "FreeWifi" is my throttled and filtered free wifi AP I provide. works great and last time I checked it was getting used at least 5 times a week. It times out and drops you to a capture page every 50 minutes to annoy the cheap neighbors trying to leach. And no it does not mess up my WiFi as I use the channel it's on. it's the quietest channel for 4 blocks around because of my broadcaster.

Or a non-psychic could simply look for one that is currently used and being accepted. Ideally you would monitor for a while and find one that is switched off, but it seems to work (with a high error rate) if you spoof an existing MAC address even when its active.